Re: Firebox and PIX

From: Leythos (void_at_nowhere.com)
Date: 08/10/04 

Date: Tue, 10 Aug 2004 12:36:41 GMT

In article <8d3222ac.0408091156.411eb02c@posting.google.com>, chad@ic-
2000.com says...
> I have a PIX and a Firebox SOHO connected through a IPSec VPN. The
> traffic over the VPN is quite slow compared to non-VPN traffic tested
> between the same 2 sites. Does anyone have any suggestions about
> troubleshooting this problem? Has anyone used a similar setup (ie. a
> firebox with a pix) and how did it work out?

The SOHO units are the bottom end of the Firebox line, they are designed
for small offices (5-10 nodes), with an upgrade to 25 or 50 nodes. I
have installed many of them in locations with less than 25 nodes and
used the IPSec tunnel feature to connect to the home office. If you have
the SOHO 6tc unit, I have not found them to be a performance problem,
when connected to a T1 I find that we get about line speed over the VPN
to the home office.

In locations where we've selected a non-SOHO product, I've seen problems
with MTU size with some ISP's. We've had to change the MTU down as low
as 1400's in some locations in order to get any real performance.

One other thing we've seen, intermittent connections on the WAN site -
where the VPN units are dropping out, but only long enough to cause the
VPN to resync and not drop the web browsing functions. What I mean is
that the VPN tunnel traffic drops, resync's, and yet the users don't
have a problems accessing the web (since it's not through the VPN) since
it's only a blip. We had to drop one ISP due to this, worked with them
for 6 months and they could not fix their problem - new ISP works fine
with the same hardware on our end. 

-- 
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Relevant Pages

  • Re: VPN for 11 users
    ... >> have to carry traffic for other internet uses besides VPN, ... you'll require a Soho with sufficient user ... A 10-user license allows the first 10 machines using a Firebox SOHO ... This does not affect incoming connections." ...
    (comp.security.firewalls)
  • Re: Industry Standard Security and guest wifi access best practice
    ... with IPSEC VPN clients has not been positive. ... Then they probably won't support other forms of security. ... to switch all connections into SSL mode. ... Use WPA to encrypt wireless traffic, ...
    (alt.internet.wireless)
  • Re: VPN between office and Home
    ... Hard Drive as my second location backup for my SBS2003. ... On the XP box at home, go to Control Panel -> Network Connections. ... for my second location backup my main server files. ... That is why I want to get a VPN ternnel instead of client VPN or RWW. ...
    (microsoft.public.windows.server.sbs)
  • Windows 2003 servers replication problemes throught harware vpn box
    ... I have this vpn connextion with a Soho and a Firebox From Watchguard ... I've done this procedure many times with win2k servers without any problem ...
    (microsoft.public.windows.server.general)
  • Windows 2003 servers replication problemes throught harware vpn box
    ... I have this vpn connextion with a Soho and a Firebox From Watchguard ... I've done this procedure many times with win2k servers without any problem ...
    (microsoft.public.windows.server.general)